Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss (important)

2016-02-04T19:16:05
ID SUSE-SU-2016:0338-1
Type suse
Reporter Suse
Modified 2016-02-04T19:16:05

Description

This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520)

Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2.

The following vulnerabilities were fixed:

  • CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)
  • CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635)
  • CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731)

The following improvements were added:

  • bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites
  • Tracking protection is now enabled by default
  • bsc#964332: Fixed leaking file descriptors inside FIPS selfcheck code